CS8792 CNS QBank PIT

CS8792 CRYPTOGRAPHY AND NETWORK SECURITY LTPC
300 3
OBJECTIVES:
• To understand Cryptography Theories, Algorithms and Systems.
• To understand necessary Approaches and Techniques to build protection
mechanisms in order to secure computer networks.
UNIT I INTRODUCTION
Security trends – Legal, Ethical and Professional Aspects of Security, Need for Security at
Multiple levels, Security Policies – Model of network security – Security attacks, services
and mechanisms – OSI security architecture – Classical encryption techniques: substitution
techniques, transposition techniques, steganography- Foundations of modern cryptography:
perfect security – information theory – product cryptosystem – cryptanalysis.
UNIT II SYMMETRIC KEY CRYPTOGRAPHY

MATHEMATICS OF SYMMETRIC KEY CRYPTOGRAPHY:
Algebraic structures – Modular arithmetic-Euclid‟s algorithm- Congruence and matrices -
Groups, Rings, Fields- Finite fields- SYMMETRIC KEY CIPHERS: SDES – Block cipher
Principles of DES – Strength of DES – Differential and linear cryptanalysis – Block cipher
design principles – Block cipher mode of operation – Evaluation criteria for AES –
Advanced Encryption Standard – RC4 – Key distribution.
UNIT III PUBLIC KEY CRYPTOGRAPHY

MATHEMATICS OF ASYMMETRIC KEY CRYPTOGRAPHY: Primes – Primality
Testing –Factorization – Euler‘s totient function, Fermat‘s and Euler‘s Theorem – Chinese
Remainder Theorem – Exponentiation and logarithm – ASYMMETRIC KEY CIPHERS:
RSA cryptosystem – Key distribution – Key management – Diffie Hellman key exchange
-ElGamal cryptosystem – Elliptic curve arithmetic-Elliptic curve cryptography.
UNIT IV MESSAGE AUTHENTICATION AND INTEGRITY

Authentication requirement – Authentication function – MAC – Hash function – Security
of hash function and MAC – SHA –Digital signature and authentication protocols – DSS-
Entity Authentication: Biometrics, Passwords, Challenge Response protocols-
Authentication applications – Kerberos, X.509
UNIT V SECURITY PRACTICE AND SYSTEM SECURITY

Electronic Mail security – PGP, S/MIME – IP security – Web Security – SYSTEM
SECURITY: Intruders – Malicious software – viruses – Firewalls.
Downloaded from: annauniversityedu.blogspot.com

OUTCOMES: At the end of the course, the student should be able to:
➢ Understand the fundamentals of networks security, security architecture, threats and

vulnerabilities
➢ Apply the different cryptographic operations of symmetric cryptographic algorithms
➢ Apply the different cryptographic operations of public key cryptography
➢ Apply the various Authentication schemes to simulate different applications.
➢ Understand various Security practices and System security standards
TEXT BOOK:
1. William Stallings, Cryptography and Network Security: Principles and Practice, PHI
3rd Edition, 2006.
REFERENCES:
1. C K Shyamala, N Harini and Dr. T R Padmanabhan: Cryptography and Network

Security, Wiley India Pvt.Ltd
2. BehrouzA.Foruzan, Cryptography and Network Security, Tata McGraw Hill 2007.
3. Charlie Kaufman, Radia Perlman, and Mike Speciner, Network Security: PRIVATE
Communication in a PUBLIC World, Prentice Hall, ISBN 0-13-046019-2

UNIT I INTRODUCTION
Security trends – Legal, Ethical and Professional Aspects of Security, Need for Security at
Multiple levels, Security Policies – Model of network security – Security attacks, services
and mechanisms – OSI security architecture – Classical encryption techniques: substitution
techniques, transposition techniques, steganography- Foundations of modern cryptography:
perfect security – information theory – product cryptosystem – cryptanalysis.
PART-A
1. What is Cryptography in network security? (R)

Cryptography is the study and practice of techniques for secure communication in the presence
of third parties called adversaries. Data Confidentiality, Data Integrity, Authentication and Non-
repudiation are core principles of modern-day cryptography.
2.How is cryptography done?

Cryptography, at its most fundamental level, requires two steps: encryption and decryption. The
encryption process uses a cipher in order to encrypt plaintext and turn it into ciphertext. Decryption, on
the other hand, applies that same cipher to turn the ciphertext back into plaintext
3. What is Plain text? (U)

An original message is known as the plaintext (Readable format)
4. What is Cipher Text? (U)

Coded message is called the Cipher Text.(Unreadable format)
5. What is Cryptology? (R)

Cryptology is the study of secure communications, which encompasses both cryptography and
cryptanalysis.
6. Define Cryptanalysis. (R)

The branch of cryptology dealing with the breaking of a cipher to recover information, or
forging encrypted information that will be accepted as authentic.
What are the two main types of cryptography?

There are two basic types of cryptographic systems: symmetric ("private key") and asymmetric
("public key"). Symmetric key systems require both the sender and the recipient to have the same key.
This key is used by the sender to encrypt the data, and again by the recipient to decrypt the data. In
Asymmetric key Messages are encrypted with one key and can be decrypted only by the other key.
7. What is Key? (U)

A sequence of symbols that controls the operation of a cryptographic transformation. A key is

normally a string of bits used by a cryptographic algorithm to transform plain text into cipher text or
vice versa. The key should be the only part of the algorithm that it is necessary to keep secret.
8. What are the aspects of security?

The common security aspects are access control, authentication, non repudiation, data
confidentiality, communication security, data integrity, availability and privacy.
9.What is the need for security?

Network security is any action an organization takes to prevent malicious use or accidental
damage to the network’s private data, its users, or their devices. The goal of network security is to keep
the network running and safe for all legitimate users. Network security is any action an organization
takes to prevent malicious use or accidental damage to the network’s private data, its users, or their
devices. The goal of network security is to keep the network running and safe for all legitimate users.
10. Why OSI Security architecture?

The OSI security architecture is useful to managers as a way of organizing the task of
providing security.It focus on Security attack, Security mechanism and Security
Services.
11. Define Security attack, Security mechanism and Security services.

Security attack: Any action that compromises the security of information owned by an
organization.
Security mechanism: A process (or a device incorporating such a process) that is designed to
detect, prevent, or recover from a security attack.
Security service: A processing or communication service that enhances the security of the
data processing systems and the information transfers of an organization. The services are intended
to counter security attacks, and they make use of one or more security mechanisms to provide
the service.
12. What is Symmetric Cryptography? (U)

Symmetric cryptography uses a single private key to both encrypt and decrypt data.
Examples:
AES/Rijndael ,Blowfish,CAST5,DES,IDEA,RC2,RC4,RC6,Serpent,Triple DES, Two fish
13. What is Asymmetric Cryptography? (U)

Asymmetric cryptography or public-key cryptography is cryptography in which a pair of keys
is used to encrypt and decrypt a message .The keys used are public and private key.
Examples: RSA,DSA, PGP
14. What is Passive attack? (U)

Monitoring the message during transmission.
Example: Interception

15. What is Active attack? (U)
Modification of data stream or creation of false data stream.
Example: Fabrication, Modification, and Interruption
16. Differentiate active and passive attacks. (AN) (April / May 2019)
Basis for Active Attack Passive Attack
Comparison
Basic Active attack tries to change Passive attack tries to read or make use of
the system resources or affect information from the system but does not
their operation. influence system resources.
Modification in Occurs does not take place
the information
Harm to the Always causes damage to the Do not cause any harm.
system system.
Threat to Integrity and availability Confidentiality
Attack awareness The entity (victim) gets The entity is unaware of the attack.
informed about the attack.
Task performed The transmission is captured Just need to observe the transmission.
by the attacker by physically controlling the
portion of a link.
Emphasis is on Detection Prevention
17. Distinguish Threat and Attack (Nov/Dec 2018)

Threat -A potential for violation of security, which exists when there is a circumstance, capability,
action, or event that could breach security and cause harm. That is, a threat is a possible danger that
might exploit vulnerability.
Attack -An assault on system security that derives from an intelligent threat; that is, an intelligent act
that is a deliberate attempt (especially in the sense of a method or technique) to evade security services
and violate the security policy of a system.
18. Specify four categories of security threats

• Interruption
• Interception
• Modification
• Fabrication
19.List the different Types of Ciphers. (R)
➢ Shift Ciphers.
➢ Affine Ciphers
➢ Vigenere Cipher
➢ Substitution Ciphers
➢ Sherlock Holmes

➢ Playfair and ADFGX Ciphers
➢ Block ciphers
20. Define integrity and nonrepudiation. (R)

Integrity:
Service that ensures that only authorized person able to modify the message.
Nonrepudiation:
This service helps to prove that the person who denies the transaction is true or false.
21. Define confidentiality and authentication. (R)

Confidentiality:
It means how to maintain the secrecy of message. It ensures that the information in a computer
system and transmitted information are accessible only for reading by authorized person.
Authentication:
It helps to prove that the source entity only has involved the transaction.
22. Define security mechanism. (U)

It is process that is designed to detect prevent, recover from a security attack.
Example: Encryption algorithm, Digital signature, Authentication protocols.
23. Specify the four categories of security threads. (R)

➢ Interruption
➢ Interception
➢ Modification
➢ Fabrication
24. Differentiate symmetric and asymmetric encryption. (AN)

Symmetric Encryption:
It is a form of cryptosystem in which encryption and decryption performed using the
same key. Eg: DES, AES
Asymmetric Encryption:
It is a form of cryptosystem in which encryption and decryption performed using two
keys. Eg: RSA, ECC

25. Difference between Substitution cipher and Transposition cipher.
Substitution cipher Transposition cipher
In transposition Cipher
In substitution Cipher Technique, plain text
Technique, plain text characters
characters are replaced with other characters, numbers
are rearranged with respect to
and symbols.
the position.
Transposition Cipher’s
Substitution Cipher’s forms are: Mono alphabetic forms are: Key-less
substitution cipher and poly alphabetic substitution cipher. transposition cipher and keyed
transposition cipher.
While in transposition
Cipher Technique, The position
In substitution Cipher Technique, character’s identity is
of the character is changed but
changed while its position remains unchanged.
character’s identity is not
changed.
While in transposition
In substitution Cipher Technique, The letter with low Cipher Technique, The Keys
frequency can detect plaint ext. which are nearer to correct key
can disclose plain text.
The example of
The example of substitution Cipher is Caesar Cipher. transposition Cipher is Reil
Fence Cipher.
27. Give an example each for substitution and transposition ciphers. ( Nov/Dec 2013)
The example of substitution Cipher is Caesar Cipher.The example of transposition Cipher is Reil Fence
Cipher.
28. Differentiate unconditionally secured and computationally secured. (AN)
An Encryption Algorithm is unconditionally secured means that the condition is if the cipher
text generated by the encryption scheme doesn’t contain enough information to determine
corresponding plaintext.
Encryption is computationally secured means,
1. The cost of breaking the cipher exceed the value of enough information.
2. Time required to break the cipher exceed the useful lifetime of information.
29. Define steganography. (R)

Hiding the message into some cover media. It conceals the existence of a message.
30. Why network need security? (U)

When systems are connected through the network, attacks are possible during Transmission
time.

31. Define Encryption. (R)
The process of converting from plaintext to cipher text.
32. Specify the components of encryption algorithm. (R) (April/May 2019)

1. Plaintext
2. Encryption algorithm
3. Secret key
4. Cipher text
5. Decryption algorithm
33. Define product cipher. (R)

Product cipher performs two or more basic ciphers in sequence in such a way that the final
result or product is crypto logically stronger than any of the component ciphers.
34. Why is asymmetric cryptography bad for huge data? Specify the reason.
(U) (April/May 2018)
There are two main reasons why asymmetric cryptography is practically never used to directly
encrypt significant amount of data:
1) Size of cryptogram
2) Performance
35. Calculate the cipher test for the following using one time pad cipher. (A) (Nov/Dec 2018)
Plain Text: ROCK Keyword: BOTS
17 (R) 14 (O) 2 (C) 10 (K) -> Plain Text

1 (B) 14 (O) 19 (T) 18 (S) -> Key
18 28 21 28 -> Plain Text + Key
18 (S) 2 (C) 21 (V) 2 (C) -> (Plain Text+Key) mod 26
Cipher Text: SCVC
36. Define Monoalphabetic substitution cipher?

A monoalphabeetic substitution cipher, also known as simple substitution cipher, relies on a
fixed replacement structure. That is, the substituiion is fixed for each letter of the alphabet. Thus, if
“a” is encrypted to “R”, then every time “a” in the plain text, we replace it with the letter ‘”R” in the
ciphertext.
37. What are the rules of PlayFair cipher?
• Repeating plaintext letters that are in the same pair are separated with a filler letter
• Two plaintext letters that fall in the same row of the matrix are each replaced by the
letter to the right, with the first element of the row circularly following the last
• Two plaintext letters that fall in the same column are each replaced by the letter
beneath, with the top element of the column circularly following the last.

• Otherwise, each plaintext letter in a pair is replaced by the letter that lies in its own
row and the column occupied by the other plaintext letter.
38. Convert the given text “Anna University” into cipher text using rail fence technique.
(May/June 2013)
Using rail fence of depth 2 we can write as following:
AnUiest
nanvriy
the encrypted cipher text is AnUiestnanvriy
39. Differentiate Classic Cryptography and Modern Cryptography.
Classic Cryptography Modern Cryptography.

It manipulates traditional characters, i.e., letters It operates33 on binary bit sequences.
and digits directly.
It is mainly based on ‘security through It relies on publicly known mathematical
obscurity’. The techniques employed for coding algorithms for coding the information. Secrecy
were kept secret and only the parties involved in is obtained through a secrete key which is used
communication knew about them. as the seed for the algorithms. The
computational difficulty of algorithms, absence
of secret key, etc., make it impossible for an
attacker to obtain the original information even
if he knows the algorithm used for coding.
It requires the entire cryptosystem for Modern cryptography requires parties interested
communicating confidentially. in secure communication to possess the secret
key only.
40. What is Perfect Security in modern cryptography?

In cryptography the gold standard of security, “perfect security” is a special case of
information-theoretic security wherein for an encryption algorithm, if there is ciphertext produced
that uses it, no information about the message is provided without knowledge of the key.
41. Why information theory in Cryptography?

Information theory has mainly been used in cryptography to prove lower bounds on the size
of the secret key required to achieve a certain level of security in secrecy and authentication systems.
42. What is product Cryptosystem?

A product cryptosystem is a block cipher that repeatedly performs substitutions and
permutations, one after the other, to produce ciphertext.
43. List the types of cryptanalysis attack

• Cipher text only
• Known plain text
• Chosen plaintext

• Chosen cipher text
• Chosen text
44. What is the difference between differential and linear cryptanalysis? (A)
In differential cryptanalysis, it breaks the DES in less 255 complexities. In cryptanalysis, it
finds the DES key given 247 plaintexts.
PART-B
1. What are the different types of attacks? Explain. (8) (U) (Dec - 2013)
2. Explain the OSI security architecture along with the services available. (R) (Nov/Dec 2009)
3. (i) Explain OSI Security Architecture model with neat diagram.(8) (R)
(ii) Describe the various security mechanisms. (8)(U) (Nov/Dec 2016)
4. Explain the network security model and its important parameters with a neat block diagram.
(April/May 2019)
5. Explain briefly on Legal, Ethical and Professional aspects of security.
6. Discuss any four substitution cipher encryption methods and list their merits and demerits. (U)
(May/June 2008) (May/June 2014)(April/May 2016)
7. Explain any all types of cipher techniques in detail. (U) (June 2012) (Dec 2012)
8. Discuss the classical cryptosystem and its types. (U) (May 2011) (June 2013)
9. Explain the play fair cipher with an example. (U) (Nov/Dec 2009)
10. Solve using playfair cipher method. Encrypt the word “Semester Result” with the keyword
“Examination”. Discuss the rules to be followed. (A) (April/May 2019)
11. Explain placement of encryption function. (U)
12. Discuss briefly about traffic confidentiality. (U)
13. Perform Encryption and Decryption using Hill Cipher for the following Message: PEN and
Key: ACTIVATED (A) (Nov/Dec 2018)
14. Explain classical encryption techniques with symmetric cipher and Hill cipher model. (U)
(April/May 2018)
15. (i) Whatis steganography? Describe the various techniques used in steganography. (7)
(ii) What is monoalphabetic cipher? Examine how it differs from Caesar cipher. (6)
(April/May 2019)
16. Describe (U) (April/May 2017)
i. Play Fair Cipher
ii. Railfence Cipher
iii. Vignere Cipher
Encrypt the following using play fair cipher using the keyword MONARCHY.”SWARAJ IS
MY BIRTH RIGHT”. Use X for blank spaces. (A) (Nov/Dec 2017)
17. Briefly explain on foundation for the modern cryptography
18. How to obtain perfect security? Explain with an example.

19. What is information theory? And why it is important for cryptography? Explain in detail.
20. Define product cryptosystem and illustrate it with an example.
21. Enumerate briefly the different techniques used in cryptanalysis.
UNIT II SYMMETRIC KEY CRYPTOGRAPHY

MATHEMATICS OF SYMMETRIC KEY CRYPTOGRAPHY:
Algebraic structures – Modular arithmetic-Euclid‟s algorithm- Congruence and matrices -
Groups, Rings, Fields- Finite fields- SYMMETRIC KEY CIPHERS: SDES – Block cipher
Principles of DES – Strength of DES – Differential and linear cryptanalysis – Block cipher
design principles – Block cipher mode of operation – Evaluation criteria for AES –
Advanced Encryption Standard – RC4 – Key distribution.
PART A
1.Why do we use modular arithmetic so often in cryptography?(Nov/Dec 2013)

Because it easily allow to create groups, rings and fields which are the fundamental blocks of
most modern public key cyptosystems.
2.Define Euclids Algorithm.

An algorithm to compute the greatest common divisor of two positive integers. It is Euclid(a,b){if
(b=0) then return a; else return Euclid(b, a mod b);}. The run time complexity is O((log a)(log b)) bit
operations. It is also known as Euclidean algorithm.
3. Find gcd (1970, 1066) using Euclid's algorithm. (A) (Nov/Dec 2016)
Euclid’s Algorithm to find gcd(a,b):
GCD(a,b) = GCD(b, a mod b)
Euclid's Algorithm to compute GCD (a, b):
• A=a, B=b
• while B>0
• R = A mod B
• A = B, B = R
• return A
Therefore, gcd(1970, 1066) = gcd(1066, 1970 mod 1066) = gcd(1066, 904) = 904.

4.Determine GCD of (24140,16762) using Euclid's algorithm. (A) (April/May 2017)
Step 1. Divide the larger number by the smaller one:24,140 ÷ 16,762 = 1 + 7,378;
Step 2. Divide the smaller number by the above operation's remainder:16,762 ÷ 7,378 = 2 +
2,006;
Step 3. Divide the remainder from the step 1 by the remainder from the step 2:7,378 ÷ 2,006 =
3 + 1,360;
Step 4. Divide the remainder from the step 2 by the remainder from the step 3:2,006 ÷ 1,360 =
1 + 646; Step 5. Divide the remainder from the step 3 by the remainder from the step 4:1,360
÷ 646 = 2 + 68; Step 6. Divide the remainder from the step 4 by the remainder from the step
5:646 ÷ 68 = 9 + 34;
Step 7. Divide the remainder from the step 5 by the remainder from the step 6:68 ÷ 34 = 2 + 0;
At this step, the remainder is zero, so we stop:
34 is the number we were looking for, the last remainder that is not zero.
This is the greatest common factor (divisor).
Greatest (highest) common factor (divisor)
gcf, gcd (24,140; 16,762) = 34 = 2 × 17;
5. Write short notes Congruence. (R)
Let a, b, n be integers with n≠0. We say that a ≡ b (mod n), if a-b is a multiple of n.
6. Write short notes Chinese Remainder Theorem. (R)

Suppose gcd(m,n)=1.Given integers a and b, there exists exactly one solution x(mod mn) to
the simultaneous congruence x ≡ a(mod n) , x ≡ b(mod n).
7. Write short notes Modular Exponentiation. (R)

Modular exponentiation is of the form xa (mod n).
8. Write short notes Fermat’s Little Theorem. (R) (April/May 2017, Nov/Dec 2017)
If p is a prime and p does not divide a, then ap-1 ≡ 1 (mod p)
9. Write short notes Euler’s Theorem. (R) (April/May 2018)

Φ(n)
If gcd(a,n)=1, then a ≡ 1(mod n)
10.What are the properties of Congruences?

Congruences have the following properties:
1. a b (mod n) if n|(a b).
2. a b (mod n) implies b a (mod n)..
3. a b (mod n) and b c (mod n) imply a c (mod n).
11. What are the properties of modular arithmetic?
Modular arithmetic exhibits the following properties:
1. [(a mod n) + (b mod n)] mod n = (a + b) mod n
2. [(a mod n) (b mod n)] mod n = (a b) mod n
3. [(a mod n) x (b mod n)] mod n = (a x b) mod n

12. What is Group, Rings and Fields in cyptography?
A GROUP is a set in which you can perform one operation (usually addition or
multiplication mod n for us) with some nice properties. A RING is a set equipped with two
operations, called addition and multiplication. A RING is a GROUP under addition and satisfies
some of the properties of a group for multiplication. A FIELD is a GROUP under both addition and
multiplication.
13. Define Group

A GROUP is a set G which is CLOSED under an operation ∗ (that is, for any x, y ∈ G, x ∗ y ∈ G) and
satisfies the following properties:
(1) Identity – There is an element e in G, such that for every x ∈ G, e ∗ x = x ∗ e = x.
(2) Inverse – For every x in G there is an element y ∈ G such that x ∗ y = y ∗ x = e, where again e is
the identity.
(3) Associativity – The following identity holds for every x, y, z ∈ G: x ∗ (y ∗ z) = (x ∗ y) ∗ z
14.Define Rings
A RING is a set R which is CLOSED under two operations + and × and satisfying the following
properties:
(1) R is an abelian group under +.
(2) Associativity of × – For every a, b, c ∈ R, a × (b × c) = (a × b) × c
(3) Distributive Properties – For every a, b, c ∈ R the following identities hold: a × (b + c) = (a × b) +
(a × c) and (b + c) × a = b × a + c × a.
15. Define Fields

A FIELD is a set F which is closed under two operations + and × such that
(1) F is an abelian group under + and
(2) F − {0} (the set F without the additive identity 0) is an abelian group under ×.
16. What is simplified DES.

The process of encrypting a plan text into an encrypted message with the use of S-DES has
been divided into multi-steps which may help you to understand it as easily as possible.
Points should be remembered.
It is a block cipher.
It has 8-bits block size of plain text or cipher text.
It uses 10-bits key size for encryption.
It is a symmetric cipher.
It has Two Rounds.
17. How to generate the keys of S-DES?

Step 1: Just select a random key of 10-bits, which only should be shared between both parties which
means sender and receiver.
Step 2: Put this key into Table and permute the bits.
Step 3: Divide the key into two halves, left half and right half;
Step 4: Now apply the one bit Round shift on each half:
Step 5: Now once again combine both halve of the bits, right and left. Put them into the table for
permutation. What you get, that will be the K1 or First key.
Step 6: As we know S-DES has two round and for that we also need two keys, one key we generate in
the above steps (step 1 to step 5). Now we need to generate a second bit and after that we will move
to encrypt the plain text or message.

It is simple to generate the second key. Simply, go in step 4 copy both halves, each one consists of 5
bits. But be careful on the taking of bits. Select those halves which are output of first round shift,
don’t take the bits which are not used in the first round. In simple words, take the output of first round
shift in above step 4.
Step 7: Now just apply two round shift circulate on each half of the bits, which means to change the
position of two bits of each halves.
Step 8: Now put the bits into 8-P Table. But here the combinations of bits are changed because of two
left round shift from step 5. Finally both keys are created successfully:
18. Define Stream cipher. (R)

Processes the input stream continuously and producing one element at a time.
Example: caeser cipher.
19. Define Block cipher. (R)

Processes the input one block of elements at a time producing an output block for each input
block.
Example: DES.
20. Compare stream cipher with block cipher with example. (AN) (April/May 2016)
Stream Cipher:
Processes the input stream continuously and producing one element at a time.
Example: caeser cipher.
Block cipher:
Processes the input one block of elements at a time producing an output block for each
input block.
Example: DES.
21. Give the five modes of operation of Block cipher. (R)

1. Electronic Codebook(ECB)
2. Cipher Block Chaining(CBC)
3. Cipher Feedback(CFB)
4. Output Feedback(OFB)
5. Counter(CTR)
22. Specify the design criteria of block cipher. (U)

Number of rounds
• Design of the function F
• Key scheduling
23. Define Diffusion & confusion. (R)

Diffusion:
It means each plaintext digits affect the values of many ciphertext digits which is equivalent to
each ciphertext digit is affected by many plaintext digits. It can be achieved by performing permutation
on the data. It is the relationship between the plaintext and ciphertext.
Confusion:

It can be achieved by substitution algorithm. It is the relationship between ciphertext and key.
24. What are the design parameters of Feistel cipher network? (R)
➢ Block size
➢ Key size
➢ Number of Rounds
➢ Subkey generation algorithm
➢ Round function
➢ Fast software Encryption/Decryption
➢ Ease of analysis
25. Explain the avalanche effect.

A desirable property of any encryption algorithm is that a small change in either the plaintext or the
key should produce a significant change in the ciphertext. In particular, a change in one bit of the
plaintext or one bit of the key should produce a change in many bits of the ciphertext. This is referred
to as the avalanche effect. If the change were small, this might provide a way to reduce the size of the
plaintext or key space to be searched.
26. What is the strength of DES?

• The use of 56 bit keys
• The nature of DES algorithm
• Timing attacks
27. What is substitution and permutation?

Substitution: Each plaintext element or group of elements is uniquely replaced by a corresponding
ciphertext element or group of elements.
Permutation: A sequence of plaintext elements is replaced by a permutation of that sequence. That is,
no elements are added or deleted or replaced in the sequence, rather the order in which the elements
appear in the sequence is changed.
28. State advantages of counter mode. (U)

1. Hardware Efficiency
2. Software Efficiency
3. Preprocessing
4. Random Access
5. Provable Security
6. Simplicity.
29. Define Multiple Encryption. (R)

It is a technique in which the encryption is used multiple times.
Example: Double DES, Triple DES

30. What was the original set of criteria used by NIST to evaluate candidate AES cipher? (R)
The original set of criteria used by NIST to evaluate candidate AES cipher was:
➢ Security
➢ Actual Security
➢ Randomness
➢ Soundness
➢ Other security factors
➢ Cost
➢ Licensing Requirements
➢ Computational Efficiency
➢ Memory Requirements
➢ Algorithm And Implementation Characteristics
➢ Flexibility
➢ Hardware and software suitability
➢ Simplicity
31. What was the final set of criteria used by NIST to evaluate candidate AES ciphers? (R)
The final set of criteria used by NIST to evaluate candidate AES ciphers are:
➢ General Security
➢ Software Implementations
➢ Restricted-Space Environments
➢ Hardware Implementations
➢ Attacks On Implementations
➢ Encryption vs. Decryption
➢ Key Agility
➢ Other Versatility and Flexibility
➢ Potential for Instruction-Level Parallelism
32. What is Power Analysis? (R)

Power Analysis is the power consumed by the smart card at any particular time during the
cryptographic operation is related to the instruction being executed and to the data being processed.
Example: Multiplication consumes more power than addition and writing 1s consumes more power
than writing 0s.
33. What is the purpose of the State Array? (U)

A single 128-bit block is depicted as a square matrix of bytes. This block is copied into the State
array, which is modified at each stage of encryption or decryption. After the final stage, State is copied
to an output matrix.
34. How is the S-box constructed? (U)

The S-box is constructed in the following fashion:
• Initialize the S-box with the byte values in ascending sequence row by row.
• The first row contains {00}, {01}, {02}, ……….., {0F};

• The second row contains {10},{11},etc; and so on. Thus, the value of the byte at row x, column
y is {x y}.
• Map each byte in the S-box to its multiplicative inverse in the finite field GF (28); the value
{00} is mapped to itself.
• Consider that each byte in the S-box consists of 8 bits labeled (b7, b6, b5, b4, b3, b2, b1, b0).
• Apply the transformation to each bit of each byte in the S-box.
35. Briefly describe Sub Bytes. (U)

Sub byte uses an S-box to perform a byte-by-byte substitution of the block. The left most 4 bits
of the byte are used as row value and the rightmost 4 bits are used as a column value. These row and
column values serve as indexes into the S-box to select a unique 8-bit value.
36. Briefly describe Shift Rows. (U)

In shift row, a row shift moves an individual byte from one column to another, which is a linear
distance of a multiple of 4 bytes. In Forward Shift Row, each row perform circular left shift. Second
Row a 1-byte circular left shift is performed. Third Row a 2-byte circular left shift is performed. For
the Fourth Row a 3-byte circular left shift is performed. In Inverse Shift Row, each row perform circular
right shift.
37. How many bytes in State are affected by Shift Rows? (R)
Totally 6-bytes in state are affected by Shift Rows.
38. Briefly describe Mix Columns. (U)

Mix Column is substitution that makes use of arithmetic over GF(28).Mix Column operates on
each column individually. Each byte of a column is mapped into a new value that is a function of all
four bytes in the column. The Mix Column Transformation combined with the shift row transformation
ensures that after a few rounds, all output bits depend on all input bits.
39. Briefly describe Add Round Key. (U)

In Add Round Key, the 128 bits of State are bit wise XORed with the 128 bits of the round key.
The operation is viewed as a column wise operation between the 4 bytes of a State column and one
word of the round key; it can also be viewed as a byte-level operation. The Add Round Key
transformation is as simple as possible and affects every bit of State.
40. Briefly describe the Key Expansion Algorithm. (U)

The AES key expansion algorithm takes as input a 4-word (16-byte) key and produces a linear
array of 44 words(156 bytes). This is sufficient to provide a 4-word round key for the initial Add Round
Key stage and each of the 10 rounds of the cipher.
41. What is the difference between Sub Bytes and Sub Word? (AN)
Sub Bytes:
Sub Bytes uses an S-box to perform a byte-by-byte substitution of the block.
Sub Word:

Sub Word performs a byte substitution on each byte of its input word, using the S-box.
42. What is the difference between Shift Rows and Rot Word? (AN)
Shift Rows: Shift Row is simple permutation. It shifts the rows circularly left or right.
Rot Word: Rot word performs a one-byte circular left shift on a word. This means that an input
word [b0,b1,b2,b3] is transformed into [b1,b2,b3,b0].
43.Why do some block cipher modes of operation only use encryption while others use both
encryption and decryption? (AN)
Some block cipher modes of operation only use encryption because the input is set to some
initialization vector and the leftmost bits of the output of the encryption function are ‘XOR’ed with the
first segment of plain text p1 to produce the first unit of cipher text C1 and it is transmitted. While in
decryption, the cipher text is XORed with the output of the encryption function to produce the plain
text.
44. What is triple encryption? (U)

Tuchman proposed a triple encryption method that uses only two keys [TUCH79]. The function
follows an encrypt – decrypt – encrypt (EDE) sequence. C=Ek1 [Dk2[Ek1[P]]] There is no
cryptographic significance to the use of decryption for the second stage. Its only advantage is that it
allows users of 3DES to decrypt data encrypted by users of the older single DES: C=Ek1[Dk2[Ek1[P]]]
= Ek1[P].
45. What is a meet-in-the-middle attack? (U)

Meet-in-the-middle attack, was first described in [DIFF77]. It is based on the observation that,
if we have C=Ek2[Ek1[P]] Then X=Ek1[P]=Dk2[C].
Given a known pair, (P,C), the attack proceeds as follows. First, encrypt P for all 256 possible
values of K1. Store these results in a table and then sort the table by the values of X. Next, decrypt C
using all 256 possible values of K2. As each decryption is produced, check the result against the table
for a match. If a match occurs, then test the two resulting keys against a new known plaintext-ciphertext
pair. If the two keys produce the correct ciphertext, accept them as the correct keys.
46. How many keys are used in triple encryption? (R)

Tuchman proposed a triple encryption method that uses only two keys [TUCH79].
48. List the parameters (block size, key size, number of rounds)for three AES versions. (R)
(April/May 2018)
Version Number of Key Size Block Size

rounds
AES-128 10 128 bits 128 bits
AES-192 12 192 bits 128 bits
AES-256 14 256 bits 128 bits

49. Compare DES and AES. (AN) (Nov/Dec 2018)
AES DES
AES stands for Advanced Encryption Standard DES stands for Data Encryption
Standard
Key length can be of 128-bits, 192-bits and Key length is 56 bits in DES.
256-bits.
Number of rounds depends on key length : DES involves 16 rounds of identical
10(128-bits), 12(192-bits) or 14(256-bits) operations
The structure is based on substitution- The structure is based in feistal network.
permutation network.
AES is more secure than the DES cipher and is DES can be broken easily as it has
the de facto world standard. known vulnerabilities. 3DES(Triple
DES) is a variation of DES which is
secure than the usual DES.
The rounds in AES are : Byte Substitution, The rounds in DES are : Expansion,
Shift Row, Mix Column and Key Addition XOR operation with round key,
Substitution and Permutation
AES can encrypt 128 bits of plaintext. DES can encrypt 64 bits of plaintext.
AES cipher is derived from square cipher. DES cipher is derived from Lucifer
cipher.
AES was designed by Vincent Rijmen and DES was designed by IBM.
Joan Daemen.
No known crypt-analytical attacks against AES Known attacks against DES include :
but side channel attacks against AES Brute-force, Linear crypt-analysis and
implementations possible. Biclique attack have Differential crypt-analysis.
better complexity than brute-force but still
ineffective.
50. Brief the strengths of triple DES. (U) (Nov/Dec 2016)

Triple DES provides a relatively simple method of increasing the key size of DES to protect
against such attacks, without the need to design a completely new block cipher algorithm.
51. What are the different modes of operation of DES? (April/May 2011)
In DES there are four modes of operation, the modes specify how data will be encrypted
(cryptographically protected) and decrypted (returned to original form). The modes are the Electronic
Codebook (ECB) mode, the CipherBlock Chaining (CBC) mode, the Cipher Feedback (CFB) mode,
and the Output Feedback (OFB) mode.
52. Explain Avalanche effect. (U)

A desirable property of any encryption algorithm is that a small change in either the plaintext
or the key produces a significant change in the ciphertext. In particular, a change in one bit of the

plaintext or one bit of the key should produce a change in many bits of the ciphertext. If the change
is small, this might provider a way to reduce the size of the plaintext or key space to be searched.
53. What is the key size for Blowfish? (R)

Blowfish makes use of a key that ranges from 32 bits to 448 bits (one to fourteen 32-bit words).
That key is used to generate 18 32-bit subkeys and four 8*32 S-boxes containing a total of 1024 32-bit
entries. The total is 1042 32-bit values, or 4168 bytes.
54. What are the primitive operations used in Blowfish? (R)

Blowfish uses two primitive operations:
Addition: Addition of words, denoted by +, is performed modulo 232.
Bit wise exclusive-OR: This operation is denoted by .
55. What are the common mathematical constants used in RC5? (R)
W :Word size in bits. RC5 encrypts 2-word blocks. 16, 32,64 r: Number of rounds. 0,1,….,255
B Number of 8-bit bytes (octets) in the secret key K. 0,1,….,255
56. List out the primitive operations used in RC5. (R)

RC5 uses three primitive operations (and their inverse):
Addition: Addition of words, denoted by +, is performed modulo 2w. The inverse
operation, denoted by -, is subtraction modulo 2w.
Bitwise exclusive-OR: This operation is denoted by “ ”.
Left cicular rotation: The cyclic rotation of word x left by y bits is denoted by x<<<y.
The inverse is the right circular rotation of word x by y bits, denoted by x>>>y.
57. List the important design considerations for a stream cipher. (R)
The encryption sequence should have a large period. The key stream should approximate the
properties of a true random number stream as close as possible. The output of the pseudorandom
number generator is conditioned on the value of the input key.
58. Why is it not desirable to reuse a stream cipher key? (AN)

If two plaintexts are encrypted with the same key using a stream cipher then cryptanalysis is
often quite simple. If the two cipher text streams are ‘XOR’ed together the result is the XOR of the
original plaintexts. So it is not desirable to reuse a stream cipher key.
59. What is the primitive operation used in RC4? (R)

The primitive operation used in RC4 is bit wise Exclusive-OR (XOR) operation.
60. What are the primitive operations used in RC5? (R) (April/May 2019)
RC5 uses three primitive operations (and their inverse):
• Addition: Addition of words, denoted by +, is performed modulo 2w. The inverse operation,

denoted by -, is subtraction modulo 2w.
• Bitwise exclusive-OR: This operation is denoted by “⊕”.
• Left circular rotation: The cyclic rotation of word x left by y bits is denoted by x<<<y. The inverse
is the right circular rotation of word x by y bits, denoted by x>>>y.
61.Give the five modes of operation of block cipher. ( R ) (April/May 2017)
1. Electronic Code Book (ECB)
2. Cipher Block Chaining (CBC)
3. Cipher Feedback (CFB)
4. Output Feedback (OFB)
5. Counter (CTR)
PART-B
1. Solve gcd(98,56) using Extended Euclidean Algorithm. Write the algorithm also. (A)
(Nov/Dec 2018)
2. Discuss the properties that are to be satisfied by Groups, Rings and Fields. (U)
(Nov/Dec 2017)
3. Discuss in detail the different ways of distribution of public keys. (U) (Nov/Dec 2007)
4. Describe the block cipher modes of operation in detail. (U)
5. With a neat structure of classical Feistel network, indicate the parameters and design features which
are essential for the exact realization of the network. (U) (May/June 2007)
6. Discuss the block cipher modes of operation and give the advantages and disadvantages. (U)
(May/June 2009, May/June 2010)
7. Explain AES algorithm with all its round functions in detail. (16) (U) (Nov/Dec 2016)
(April/May 2018)
8. Explain in detail the transformation takes place in AES encryption procedure. (E)
(Nov/Dec 2009)
9. Discuss about AES Cipher. (U) (May/June 2010)
10. (i) Describe in detail the key generation in AES algorithm and its expansion format. (7) (U)
(ii) Describe DSE and its applications. (6) (U) (April/May 2019)
11. Explain in detail about DES. (U) (June 2013) (Dec 2012) (April / May 2016)
(April / May 2017)
12. Explain about the single round DES algorithm. (10) (U) (May 2011) (June – 2014)
13. Describe key discarding process of DES. (6) (U) (May 2011)
14. Draw the general structure of DES and explain the encryption decryption process. (U)
(May/June 2009)
15. Mention the strengths and weakness of DES algorithm. (AN) ( May/June 2009)
16. For each of the following elements of DES, indicate the comparable element in AES if available.
(A) (Nov/Dec 2017)
(i) XOR of subkey material with the input to the function.
(ii) F function.

(iii)Permutation p.
(iv) Swapping of halves of the block.
17. Explain in detail about Block Cipher mode of operation. (16) (U) (June 2012) (Dec - 2013)
18. Explain in detail about RC4 algorithm. (U) (June 2012
19. Briefly explain the distribution of key for encryption and decryption to take place.
20. Discuss briefly about differential and linear cryptanalysis. (U) (May/June 2010)
UNIT III PUBLIC KEY CRYPTOGRAPHY

MATHEMATICS OF ASYMMETRIC KEY CRYPTOGRAPHY: Primes – Primality
Testing –Factorization – Euler‘s totient function, Fermat‘s and Euler‘s Theorem – Chinese
Remainder Theorem – Exponentiation and logarithm – ASYMMETRIC KEY CIPHERS:
RSA cryptosystem – Key distribution – Key management – Diffie Hellman key exchange
-ElGamal cryptosystem – Elliptic curve arithmetic-Elliptic curve cryptography.
PART A
1. Define Primality Testing.

A primality test is an algorithm for determining whether an input number is prime. Among
other fields of mathematics, it is used for cryptography. Unlike integer factorization, primality tests
do not generally give prime factors, only stating whether the input number is prime or not.
2. Term Prime Number

An integer p > 1 is a prime number if and only if its only divisors are ±1
and ±p.
3. Name any two methods to find prime numbers. (April/May 2011)

1.Traditionaly sieve using trial division.
2.Statistical Primality testing
4. Quote Fermat’s Theorem

If p is prime and a is a positive integer not divisible by p, then
ap-1 ≡ 1 (mod p).
5. State Euler’s Theorem ? (May /June 2014)

Euler’s theorem states that for every a and n that are relatively prime:
aø(n) ≡ 1(mod n)
6. Euler’s Totient Function

The number of positive integers less than n and relatively prime to n. ø(1)=1

ø(p) = p - 1
suppose that we have two prime numbers p and q with p ≠ q. Then we can
show that, for n = pq,
ø(n) = ø(pq) = ø(p) * ø(q) = (p - 1) * (q - 1)
7. Why random numbers are important for network security? (May /June 2014)
Randomness is important in cryptography to ensure secret keys are random, security against
attacks, privacy and anonymity, and to ensure unpredictability. This can only be achieved by using high
quality random numbers hard for computers to generate.
8. What is Discrete Logarithms? (R) (April/May 2011) (May /June 2014)

Discrete logarithms are fundamental to a number of public-key algorithms, including Diffie
Hellman key exchange and the digital signature algorithm.
9. List the approaches of Computing Discrete Logarithms. (R)

➢ Pohlig Hellman Algorithm
➢ Baby-step Giant-step
➢ Index calculus algorithm
10. Difference between Conventional Encyption and Pubic Key Encyption
Conventional Encryption Public-Key Encryption

Needed to Work: Needed to Work:
1. The same algorithm with the same key is used for 1. One algorithm is used for encryption and
encryption and decryption. decryption with a pair of keys, one for encryption
2. The sender and receiver must share the algorithm and one for decryption.
and the key. 2. The sender and receiver must each have one of the
matched pair of keys (not the same one).
Needed for Security: Needed for Security:
1. The key must be kept secret. 1. One of the two keys must be kept secret.
2. It must be impossible or at least impractical to 2. It must be impossible or at least impractical to
decipher a message if no other information is decipher a message if no other information is
available. available.
3. Knowledge of the algorithm plus samples of 3. Knowledge of the algorithm plus one of the keys
ciphertext must be insufficient to determine the key plus samples of ciphertext must be insufficient to
determine the other key
11. Give the applications of the public key cryptosystem.(U) (April/May 2019)
Public Key Cryptography is used in a number of applications and systems software. Some examples
of application of cryptography are:
• Digitally signed document
• E-mail encryption software such as PGP and MIME

• RFC 3161 authenticated timestamps
• Digital signatures in the Operating System software such as Ubuntu, Red Hat Linux packages
distribution
• SSL protocol
• SSH protocol
12. Define RSA. (R)

RSA (which stands for Rivest, Shamir and Adleman who first publicly described it) is an
algorithm for public-key cryptography. It is the first algorithm known to be suitable for signing as well
as encryption, and was one of the first great advances in public key cryptography.
13. List the four possible approaches to attack the RSA Algorithm. (R)
1. Brute Force
2. Mathematical Attacks
3. Timing attacks
4. Chosen Cipher text attacks
14. Why is trap door one way function used? (AN) (Nov/Dec 2018)
A trapdoor one way function is a function that is easy to compute in one direction, yet difficult
to compute in the opposite direction (finding its inverse) without special information, called the
"trapdoor". Trapdoor functions are widely used in cryptography.
15. What is an elliptic curve? (R) (Nov/Dec 2016)

An elliptic curve will simply be the set of points described by the equation: y2=x3+ax+b
16. State the difference between private key and public key algorithm. (R) (April/May 2017)
S.NO Private Key/ Symmetric Encryption Public Key/ Asymmetric Encryption
1 Symmetric encryption incorporates only Asymmetric Encryption consists of two
one key for encryption as well as cryptographic keys. These keys are regarded as
decryption. Public Key and Private Key.
2 Symmetric encryption is a simple Contribution from separate keys for encryption
technique compared to asymmetric and decryption makes it a rather complex
encryption as only one key is employed to process.
carry out both the operations.
17. Perform encryption for the plain text M=88 using the RSA algorithm p=17, q=11 and the
public component e=7.(A) (Nov/Dec 2017)
p = 17, q = 11, n=p * q = 187, Φ(n) = (p-1)(q-1)=160 e=7
Encryption:
C = 887mod 187 = 11
Decryption:
M = 1123mod 187 = 88
18. Give the significance of hierarchical key control. (AN) ( Nov/Dec 2017)

Hierarchies of KDC’s (Key Distribution Control) required for large networks. A single KDC
may be responsible for a small number of users since it shares the master keys of all the entities
attached to it . If two entities in different domains want to communicate, local KDCs communicate
through a global KDC.
19. Perform encryption and decryption using RSA algorithm for the following:
p = 7; q = 11; e = 17; M= 8 (A) (April/May 2018)
n = p * q = 7 * 11 = 77
f(n) = (p-1) * (q-1) = 6 * 10 = 60
Now, we need to compute d = e-1 mod f(n) by using backward substitution of GCD algorithm:
According to GCD:
60 = 17 * 3 + 9
17 = 9 * 1 + 8
9=8*1+1
8=1*8+0
Therefore, we have:
1=9–8
= 9 – (17 – 9)
= 9 – (17 – (60 – 17 * 3))
= 60 – 17*3 – (17 – 60 + 17*3)
= 60 – 17 *3 + 60 – 17*4
= 60*2 – 17*7
Hence, we get d = e-1 mod f(n) = e-1 mod 60 = -7 mod 60 = (53-60) mod 60 = 53
So, the public key is {17, 77} and the private key is {53, 77}, RSA encryption and decryption is
following:
Encryption Decryption
Plaintext ciphertext Plaintext
817 Mod 77= 57 5753 Mod 77 = 8
PU= (17, 77) PR= (53, 77)
20. How Key distribution can take place between two parties?
1. A can select a key and physically deliver it to B.
2. A third party can select the key and physically deliver it to A and B.
3. If A and B have previously and recently used a key, one party can transmit the new key to the
other, encrypted using the old key.
4. If A and B each has an encrypted connection to a third party C, C can deliver a key on the
encrypted links to A and B.
21. Define nonce.

The nonce may be a timestamp, a counter, or a random number, the minimum
requirement is that it differs with each request. Also, to prevent masquerade, it should be difficult for
an opponent to guess the nonce. Thus, a random number is a good choice for a nonce.
22. How secret key is distributed between two parties?

1.A generates a public/private key pair {PUa, PRa} and transmits a message to B consisting of PUa
and an identifier of A, IDA.
2. B generates a secret key, Ks, and transmits it to A, encrypted with A's public key.
3. A computes D(PRa, E(PUa, Ks)) to recover the secret key. Because only A can decrypt the
message, only A and B will know the identity of Ks.
4. A discards PUa and PRa and B discards PUa.
23. What are the key concepts of man in the middle attack?
Man-in-the-middle is a type of eavesdropping attack that occurs when a malicious actor
inserts himself as a relay/proxy into a communication session between people or systems.
A MITM attack exploits the real-time processing of transactions, conversations or transfer of other
data.
Man-in-the-middle attacks allow attackers to intercept, send and receive data never meant to be for
them without either outside party knowing until it is too late.
24. Descirbe how secret key is distributed in Public Key distribution?

1. A uses B's public key to encrypt a message to B containing an identifier of A (IDA) and a nonce
(N1), which is used to identify this transaction uniquely.
2. B sends a message to A encrypted with PUa and containing A's nonce (N1) as well as a new nonce
generated by B (N2) Because only B could have decrypted message (1), the presence of N1 in
message (2) assures A that the correspondent is B.
3. A returns N2 encrypted using B's public key, to assure B that its correspondent is A.
4. A selects a secret key Ks and sends M = E(PUb, E(PRa, Ks)) to B. Encryption of this message with
B's public key ensures that only B can read it; encryption with A's private key ensures that only A
could have sent it.
5.B computes D(PUa, D(PRb, M)) to recover the secret key.
25. State whether symmetric and asymmetric cryptographic algorithms need key echange?
(May/June 214)
Yes they need key exchange. If the cipher is a symmetric key cipher, both will need a copy of
the same key. If it is an asymmetric key cipher with the public/private key property, both will need
the other's public key.
26. What is the necessity of Diffie-Hellman Key Exchange?

The purpose of the algorithm is to enable two users to securely exchange a key that can then
be used
for subsequent encryption of messages. The algorithm itself is limited to the exchange of secret
values.
27. Is Diffie-Hellman a symmetric algorithm?

Diffie Hellman uses a private-public key pair to establish a shared secret, typically a
symmetric key. DH is not a symmetric algorithm – it is an asymmetric algorithm used to establish a
shared secret for a symmetric key algorithm.

28. What is the difference between Diffie-Helman and RSA?
Diffie – Hellman is used to generate a shared secret in public for later symmetric (“private-key”)
encryption. RSA is an asymmetric algorithm used to encrypt data and digitally sign transmissions..
RSA is widely used to protect Internet traffic, including e-mail
22. What is ElGamal Cryptosystem?

ElGamal is a public key cryptosystem based on the discrete logarithm problem for a group G, i.e.
every person has a key pair (sk,pk), where sk is the secret key and pk is the public key, and given
only the public key one has to find the discrete logarithm (solve the discrete logarithm problem) to
get the secret key.
30. Using ElGamal Scheme, let α = 5, p =11, XA= 2. Find the value of YA. (A)
α = 5, p =11, XA= 2
YA = α XAmod p
= 52 mod 11
23. What is Elliptic Curve?

An elliptic curve is a graph that represents the points generated by the following equation:
y2 = x3 + ax + b
Or in pictorial form:
32. What is Elliptic Curve Cryptography?

Elliptic curve cryptography, or ECC is an extension to well-known public key cryptography.
In public key cryptography, two keys are used, a public key, which everyone knows, and a private
key, which only you know.
33. What are the advantages of elliptic curve cryptography?

Advantages. ECC employs a relatively short encryption key -- a value that must be fed into
the encryption algorithm to decode an encrypted message. This short key is faster and requires less
computing power than other first-generation encryption public key algorithms.
34. Why elliptic curves important?

Elliptic curves are especially important in number theory, and constitute a major area of
current research; for example, they were used in Andrew Wiles's proof of Fermat's Last Theorem.
They also find applications in elliptic curve cryptography (ECC) and integer factorization.

35. Why elliptic curve cryptography is better the RSA.
Elliptic curve cryptography is probably better for most purposes, but not for everything. ECC's main
advantage is that you can use smaller keys for the same level of security, especially at high levels of
security (AES-256 ~ ECC-512 ~ RSA-15424). ... Advantages of ECC: Smaller keys, ciphertexts and
signatures.
36. Is ECC more secure than RSA?

ECC provides the same cryptographic strength as the RSA-system, but with much smaller keys. For
example, a 256-bit ECC key is the same as 3072-bit RSA key (which are 50% longer than the 2048-
bit keys used today).
PART-B
1. Explain Fermat’s & Euler’s theorem. (U)

(Dec 2012) (June 2013) (Dec - 2013) (April/May 2016)
2. Find 3 mod 11 using fermat’s theorem.(6) (A)
21
(Dec - 2013)
3. Describe LFSR & finite field with their application in cryptography. (16) (U) (June – 2014)
4. Explain Discrete logarithms in detail. (U)
5. Explain Euler’s & Chinese Remainder theorem. (U) (May 2011)(June 2012) (Dec - 2013)
6. How is discrete logarithm evaluated for a number? What is the role of discrete logarithms in
the Diffie Hellman key exchange in exchanging the secret key among two users? (E)
(May/June 2008)
7. (a) State Chinese Remainder theorem and find X for the given set of congruent equations
Using CRT. (8) (A)
X = 2(mod 3)
X = 3(mod 5)
X = 2(mod 7).
(b) State and prove Fermat's theorem. (8) (U) (Nov/Dec 2016)
8. State Chinese Remainder theorem and find X for the given set of congruent equations
Using CRT. (8) (A) (April/May 2017)
X = 1(mod 5)
X = 2(mod 7)
X = 3(mod 9)
X = 4(mod 11)
9. State and prove the Chinese remainder Theorem. What are the last two digits of 49 19 ? (A)
(April/May 2018)

10. Explain how encryption and decryption are done using RSA crypto system. (U)
(May/June 2009) (June – 2014)
12.(i) Describe RSA algorithm. (8)
(ii) Perform encryption and decryption using RSA algorithm for the following:
p = 7, q = 11, e = 7, M = 9 (5) (April/May 2019)
13. Explain the RSA Algorithm with example as p =11, q=5, e=3 and PT = 9. (16) (A) (Dec - 2013)
14. Perform encryption/decryption using RSA algorithm for the following: (A)
p=3, q=11, e=7, m=5 (Nov/Dec 2009) (June – 2014)
15. Explain the RSA algorithm in detail. For the given values, trace the sequence of calculation in
RSA. p=7, q=13, e= 5 and m=10. (16) (A) (April /May 2016)
16. Perform encryption and decryption using RSA algorithm for
p = 17, q = 11, e = 7 and M = 88 (A) (Nov/Dec 2018)
17. Explain RSA algorithm, perform encryption and decryption to the system with
p = 7; q = 11; e = 17; M= 8. (16) (A) (Nov/Dec 2016)
18. Describe about the attacks that are possible on RSA algorithm. (U) (Nov/Dec 2009)
19. State the requirements for the design of an elliptic curve crypto system. Using that, explain how
secret keys are exchanged and messages are encrypted. (U) (May/June 2008)
20. Identify the possible threats for RSA algorithm and list their counter measures. (AN)
(May/June 2008) (June 2013) (Dec 2012) (May 2011)
21. How do elliptic curves take part in Encryption and Decryption process? (U) (May/June 2009) .
(U) (April/May 2018)
22. Why ECC is better than RSA? However, why is it not widely used? Defend it.
(AN) (Nov/Dec 2018)
23. Discuss discrete algorithm & explain Diffie-Hellman key exchange algorithm with merits &
demerits. (U) ( May 2011) (Dec 2012) (June 2013) (June – 2014)
24. Users A and B use the Diffie Hellman key exchange technique a common prime q=11 and a
primitive root alpha=7. (A) (May/June 2009)
(i) If user A has private key XA =3 what is A’s public key YA?
(ii) If user B has private key XB =6 what is B’s public key YB?
25. What is the shared secret key? Also write the algorithm. (U)
26. How man in middle attack can be performed in Diffie Hellman algorithm? (U)
(May/June 2009)
27. Explain Diffie-Hellman Key exchange algorithm in detail. (U) (April / May 2017)
28. User A & B use the Diffie-Hellman key exchange algorithm with a common prime q=71,and a
primitive root a=7. If user A has a private key Xa =5. What is A’s public key Ya (8) (E) (June –
2014)
29. Users Alice and Bob use the Diffie Hellman key exchange technique a common prime q=83 and a
primitive root alpha=5. (A) (Nov/Dec 2017)
(i) If Alice has private key XA =6 what is Alice’s public key YA?
(ii) If Bob has private key XB =10 what is Bob’s public key YB?
(iii) What is the shared secret key?
30. (i) Explain briefly about Diffie Hellman key exchange algorithm with its merits and demerits.
(10) (U)

(ii) Explain public key cryptography and when it is preferred? (5) (U) (April/May 2019)
31. Find the secret key shared between user A and user B using Diffie Hellman algorithm for the
following: (A) (Nov/Dec 2018)
q = 353; α (primitive root) = 3, XA = 45 and XB = 50
UNIT IV MESSAGE AUTHENTICATION AND INTEGRITY

Authentication requirement – Authentication function – MAC – Hash function – Security
of hash function and MAC – SHA –Digital signature and authentication protocols – DSS-
Entity Authentication: Biometrics, Passwords, Challenge Response protocols-
Authentication applications – Kerberos, X.509
PART A
1. What is message authentication? (R)

It is a procedure that verifies whether the received message comes from assigned source has not
been altered.
2. Define the classes of message authentication function. (R)

Message encryption: The entire cipher text would be used for authentication.
Message Authentication Code: It is a function of message and secret key produce a fixed
length value.
Hash function: Some function that map a message of any length to fixed length which serves
as authentication.
3. What you meant by MAC? (R)

MAC is Message Authentication Code. It is a function of message and secret key which produce
a fixed length value called as MAC.
4. Specify the requirements for message authentication. (R) (Nov/Dec 2016) (April/May 2019)
i. Disclosure.
ii. Traffic analysis.
iii. Masquerade.
iv. Content Modification.
v. Sequence Modification.
vi. Timing modification.

vii. Repudiation.
5. Differentiate internal and external error control. (AN)

Internal Error Control:
Internal error control, an error detecting code also known as frame check sequence or
checksum.
External Error Control:

In external error control, error detecting codes are appended after encryption.
6. Define the term message digest. (R) (Nov/Dec 2018)

A message digest is a fixed size numeric representation of the contents of a message, computed
by a hash function. i.e. A Message Digest is a cryptographic Hash of a message.
7. What you meant by hash function? (U) (April/May 2018)

Hash function accepts a variable size message M as input and produces a fixed size hash code
H(M) called as message digest as output. It is the variation on the message authentication code.
8. Differentiate MAC and Hash function. (AN) (Nov/Dec 2016)

MAC: In Message Authentication Code, the secret key shared by sender and receiver. The
MAC is appended to the message at the source at a time which the message is assumed or known to be
correct.
Hash Function: The hash value is appended to the message at the source at time when the
message is assumed or known to be correct. The hash function itself not considered to be secret.
9. Define Hash Function. (R)

A function that maps a variable-length data block or message into a fixed-length value called a
hash code. The function is designed in such a way that, when protected, it provides an authenticator to
the data or message. Also referred to as a message digest (or) Hash code.
10. List the Hash Algorithms. (R)

➢ SHA(Secure Hash Algorithm)
➢ MD5(Message Digest Version5)
11. What is the role of compression function in hash function? (April/May 2017)
A compression function takes two fixed size inputs: a chaining value and a message and returns a fixed
size value. So it's essentially a hash function with fixed input size.
12. Write Short notes on MD5. (U)

The MD5 Message-Digest Algorithm is a widely used cryptographic hash function that
produces a 128-bit (16-byte) hash value. MD5 has been employed in a wide variety of security
applications, and is also commonly used to check data integrity. MD5 was designed by Ron Rivest in
1991 to replace an earlier hash function, MD4. An MD5 hash is typically expressed as a 32-digit

hexadecimal number
13. Write Short notes on SHA (Secure Hash Algorithm). (U)

The Secure Hash Algorithm is one of a number of cryptographic hash functions published by
the National Institute of Standards and Technology (NIST) as a U.S. Federal Information Processing
Standard (FIPS).
14. Contrast various SHA algorithm. (AN) (Nov/Dec 2018)

SHA-0: A retronym applied to the original version of the 160-bit hash function published in 1993 under
the name "SHA". It was withdrawn shortly after publication due to an undisclosed "significant flaw"
and replaced by the slightly revised version SHA-1.
SHA-1: A 160-bit hash function which resembles the earlier MD5 algorithm. This was designed by the
National Security Agency (NSA) to be part of the Digital Signature Algorithm. Cryptographic
weaknesses were discovered in SHA-1, and the standard was no longer approved for most
cryptographic uses after 2010.
SHA-2: A family of two similar hash functions, with different block sizes, known as SHA-256 and
SHA-512. They differ in the word size; SHA-256 uses 32-bit words where SHA-512 uses 64-bit words.
There are also truncated versions of each standard, known as SHA-224, SHA-384, SHA-512/224 and
SHA-512/256. These were also designed by the NSA.
SHA-3: A hash function formerly called Keccak, chosen in 2012 after a public competition among non-
NSA designers. It supports the same hash lengths as SHA-2, and its internal structure differs
significantly from the rest of the SHA family.
15. What is Digital Signature? (U)

A digital signature is an authentication mechanism that enables the creator of a message to
attach a code that acts as a signature. The signature is formed by taking the hash of the message and
encrypting the message with the creator's private key. The signature guarantees the source and integrity
of the message.
16. List the Digital Signature Algorithms. (R)

➢ RSA
➢ El Gamal
➢ DSA
17. List the Processes involved in Digital Signature. (R)

➢ Signing Process
➢ Verification Process
18. Difference between MD5 and SHA-1. (AN)
S.No. Point of Discussion MD5 SHA-1

Message digest length in
1. 128 160
bits
2. Speed Faster(64 iterations) Slower(80 iterations)
Attack to try and find two
Requires 264 operations to Requires 280 operations to
3. messages producing the
break in. break in.
same message digest
19. Show how SHA is more secure than MD5. (AN) (April/May 2019)
SHA is structurally similar to MD5. It is slower than MD5 but more secure, because it produces
message digests that are 25% longer than those produced by the message digest functions. Since
SHA has a longer (160 bits) hash value it is more resistant to brute force attacks than MD5.
20. What are the requirements of the hash function? (U)

✓ H can be applied to a block of data of any size.
✓ H produces a fixed length output.
✓ H(x) is relatively easy to compute for any given x, making both hardware and software
implementations practical.
What do you mean by one way property hash function. (April/May 2011)
For any given value h, it is computationally infeasible to find x such that H(x) = h. This is
sometimes referred to in the literature as the one-way property.
21. Define the classes of message authentication function. (R)

• Message encryption: The entire cipher text would be used for authentication.
• Message Authentication Code: It is a function of message and secret key produce a fixed length
value.
• Hash function: Some function that map a message of any length to fixed length which serves as
authentication.
22. Specify the various types of authentication protocol. (R) (April/May 2017)
• Kerberos authentication protocol
• NT LAN Manager (NTLM) authentication protocol
• Secure Sockets Layer/Transport Security Layer (SSL/TLS)
• Digest authentication
• Smart cards
• Virtual Private Networking (VPN) and Remote Access Services (RAS)
•
23. What is the role of compression function in hash function? (U) (April/May 2017)
A compression function takes a fixed length input and returns a shorter, fixed-length
output. Then a hash function can be defined by means of repeated applications of the
compression function until the entire message has been processed. In this process, a message of
arbitrary length is broken into blocks of a certain length which depends on the compression
function, and "padded" (for security reasons) so that the size of the message is a multiple of the

block size. The blocks are then processed sequentially, taking as input the result of the hash so
far and the current message block, with the final output being the hash value for the message.
24. How is the security of a MAC function expressed? (U) (Nov/Dec 2017)
• A MAC is an authentication technique involves the use of a secret key to generate a small
fixed-size block of data, known as a cryptographic checksum or MAC. The MAC is then
appended to the message.
• Here, sender and receiver share a secret key.
• When A has to send a message to B, it calculates the MAC as a function of the message
and the key:
MAC = MAC(K, M)
where M is
plaintext C is the
MAC function
K is the secret
key and
MAC is the message authentication code.
• The message plus MAC are transmitted to the intended recipient.
• The recipient performs the same calculation on the received message, using the same
secret key, to generate a new MAC. The received MAC is compared to the calculated
MAC.
25. Mention the significance of signature function in Digital Signature Standard approach.
(R) (Nov/Dec 2017)
The Signature function assures the recipient that only the sender, with the knowledge of the
private key, could have produce the valid signature.
26. How digital signatures differ from authentication protocols? (AN) (April/May 2018)
A message authentication code (MAC) protects against message forgery by anyone who
doesn't know the secret key (shared by sender and receiver).This means that the receiver can
forge any message – thus we have both integrity and authentication , but not non-repudiation.
Also an attacker could replay earlier messages authenticated with the same key, so a protocol
should take measures against this (e.g. by including message numbers or timestamps). (Also,
in case of a two-sided conversation, make sure that either both sides have different keys, or by
another way make sure that messages from one side can't sent back by an attacker to this
side.)
MACs can be created from unkeyed hashes (e.g. with the HMAC construction), or created
directly as MAC algorithms.
A (digital) signature is created with a private key, and verified with the corresponding public
key of an asymmetric key-pair. Only the holder of the private key can create this signature,
and normally anyone knowing the public key can verify it. Digital signatures don't prevent the
replay attack mentioned previously.
27. Specify the various types of authentication protocol. (April /May 2017)

• PAP - Password Authentication Protocol.
• CHAP - Challenge-handshake authentication protocol.
• EAP - Extensible Authentication Protocol.
• TACACS, XTACACS and TACACS+
• RADIUS.
• DIAMETER.
• Kerberos (protocol)
28. Define Entity authentication

Entity authentication is a technique designed to let one party prove the identity of another
party.
An entity can be a person, a process, a client, or a server.
The entity whose identity needs to be proved is called the claimant;
the party that tries to prove the identity of the claimant is called the verifier.
29. Difference between Message authentication and Entity authentication

There are two differences between message authentication (data-origin authentication), and
entity authentication.
1) Message authentication might not happen in real time; entity authentication does.
2) Message authentication simply authenticates one message; the process needs to be repeated for
each new message. Entity authentication authenticates the claimant for the entire duration of a
session.
30. Ilustrate different terminologies involved in Entity Authenticaion.

• Verifier - The person who is in charge of checking that the correct entity is involved in
communication is the Verifier. Verifier can also create some tokens by itself during
communication which are used.
• Claimant - The person who wants to start communication by proving its identity is Claimant.
• Nonce – Time variant parameter which is served to distinguish one protocol instance from
another like random number.
• Salt – Upon arrival of password we may add some bits upon initial entry. This t-bit random
string is called “Salt”.
31. What are the properties of Entity authentication?

1.Weak Authentication – Passphrase
2. Partially Strong – One time passwords
3. Strong authentication – using symmetric key - using asymmetric key
4. Zero knowledge based – Schnorr
32. Express Biometric authentication.

Biometric authentication is a security process that relies on the unique biological
characteristics of an individual to verify that he is who is says he is. Biometric authentication systems
compare a biometric data capture to stored, confirmed authentic data in a database. If both samples of
the biometric data match, authentication is confirmed. Typically, biometric authentication is used to
manage access to physical and digital resources such as buildings, rooms and computing devices.

33. What is an example of Biometric authentication?
Biometric recognition (also known as biometrics) refers to the automated recognition of
individuals based on their biological and behavioral traits (ISO/IEC JTC1 SC37). Examples of
biometric traits include fingerprint, face, iris, palmprint, retina, hand geometry, voice, signature and
gait.
34.Why use biometrics?

Unlike the use of other forms of authentication, such as passwords or tokens, biometric
recognition provides a strong link between an individual and a data record. One area where
biometrics can provide substantial help is in guarding against attempts to fraudulently establish
multiple identities.
35. What is Password and its different approaches?

The simplest and oldest method of entity authentication is the password-based authentication, where
the password is something that the claimant knows.
Its different approaches are:
1.User ID and Password file
2.Hashing the password
3.Salting the password
4.ATM card with Pin
36. State Challenge Response authentication.

In challenge-response authentication, the claimant proves that she knows a secret without sending it.
37. What is Kerberos? (R)

Kerberos is an authentication service developed as a part of project Athena at MIT. Kerberos
provide a centralized authentication server whose function is to authenticate servers.
38. What are the requirements of Kerberos? (R) (April/May 2011)

1. Secure
2. Reliable
3. Transparent
4. Scalable
39. Define X.509 Authentication Service. (R)

X.509 is part of the X.500 series. X.509 defines a directory service. X.509 is based on the use
of public-key cryptography and digital signatures. X.509 defines a framework for the provision of
authentication services by the X.500 directory to its users. For example, the X.509 certificate format is
used in S/MIME, IP Security, and SSL/TLS and SET.
40. Write a simple authentication dialogue used in Kerberos. (U) (Nov/Dec 2017)
(1) C AS: IDC||PC||IDV

(2) AS C: Ticket

(3) C V: IDC||Ticket
Ticket = E(Kv, [IDC||ADC||IDV])
• where
• C= client , AS= authentication server ,V=server
• IDC= identifier of user on C ,IDV= identifier of V
• PC= password of user on C ,ADC= network address of C
• Kv= secret encryption key shared by AS and V
the user logs on to a workstation and requests access to server V.
The client module C in the user's workstation requests the user's password and then sends a message to
the AS that includes the user's ID, the server's ID, and the user's password.
The AS checks its database to see if the user has supplied the proper password for this user ID and
whether this user is permitted access to server V.
• the AS creates a ticket that contains the user's ID and network address and the server's ID.
• This ticket is encrypted using the secret key shared by the AS and this server
• This ticket is then sent back to C.
• C sends a message to V containing C's ID and the ticket.
• V decrypts the ticket and verifies that the user ID in the ticket is the same as the unencrypted
user ID in the message.
41. What is a Threat? List their types. (R) (April/May 2018)

A computer threat is a possibility of danger that might harm the vulnerability of a computer
system and breach the security to cause damage. It can have an intentional cause like hacking or an
accidental cause of natural disaster or computer malfunction.
Types of security threats

A spyware threat
Hackers
Phishing scammers
42. In the content of Kerberos, what is realm? (U)

A full service Kerberos environment consisting of a Kerberos server, a no. of clients, no.of
application server requires the following:
_ The Kerberos server must have user ID and hashed password of all participating users in its
database.
_ The Kerberos server must share a secret key with each server. Such an environment is referred
to as “Realm”.
43. Specify the four categories of security threats. (R)

• Interruption
• Interception

• Modification
• Fabrication
44. What you mean by versioned certificate? (U)

Mostly used issue X.509 certificate with the product name” versioned digital id”. Each digital
id contains owner’s public key, owner’s name and serial number of the digital id.
45. List any 2 applications of X.509 Certificates . (R) (Nov/Dec 2017)

Probably the most widely visible application of X.509 certificates today is in web browsers
(such as Mozilla Firefox and Microsoft Internet Explorer) that support the TLS protocol. TLS
(Transport Layer Security) is a security protocol that provides privacy and authentication for your
network traffic. These browsers can only use this protocol with web servers that support TLS.
Other technologies that rely on X.509 certificates include:
• Various code-signing schemes, such as signed Java ARchives, and Microsoft Authenticode.
• Various secure E-Mail standards, such as PEM and S/MIME.
• E-Commerce protocols, such as SET.
PART B
1. Compare the features of SHA-1 and MD-5 algorithm. (AN) (May/June 2007)
2. Discuss the objectives of HMAC and its security features. (U) (May/June 2007)
3. Discuss briefly about Digital Signature Algorithm. (U)
(May/June 2007) (Nov/Dec 2007) (May/June 2009) (May/June 2010)(June – 2014)
4. Describe the block chaining technique. (U) (Nov/Dec 2007)
5. Discuss the security of HMAC. (U) (Nov/Dec 2007)
6. What is message authentication? Explain. (R) (May/June 2009)
7. How does SHA-1 logic produce message digest? (U) (May/June 2009)
8. Illustrate SHA2 in detail. (U) (Nov/Dec 2018)
9. Explain the challenges/ response approach in mutual authentication. (U) (May/June 2009)
10. Explain digital signature standard with necessary diagrams in detail.(16) (U) (Nov/Dec
2016)(April/May 2017)
11. Describe digital signature algorithm and show how signing and verification is done using DSS.
(E) (May/June 2008) (April/May 2019)
12. Write about the symmetric encryption approach for digital signatures. (U) (May/June 2008)
13. What are the properties a hash function must satisfy? Explain. (R)
(Nov/Dec 2009) (Dec 2012, 2013)
14. Explain about any two authentication protocols. (R) (May/June 2010)
15. Discuss briefly about Secure Hash Algorithm. (U) (May/June 2010) (June 2013)
(Dec - 2013)(April/May 2016)
16. Explain the types of Digital Signatures. (R)

17. With a neat diagram, explain the steps involved in SHA algorithm for encrypting a message with
maximum length of less than 2128 bits and produces as output a 512-bit message digest. (A) (
Nov/Dec 2017)
18. How Hash Function algorithm is designed? Explain their feature and properties. (AN) (April/May
2018)
19. Explain in detail on Entity Authenticaion.
20. How the encryption is key generated from password in Kerberos? (U) (May/June 2007)
21. Explain Kerberos Version 4 in detail. (16) (R) (April / May 2016)
22. How the encryption is key generated from password in Kerberos? (U) (May/June 2007)
23. Explain Kerberos Version 4 in detail. (16) (R) (April / May 2016)
24. Discuss Client Server Mutual authentication, with example flow diagram. (16) (U)
(Nov/Dec 2016)
25. Discuss the different types of authentication procedures? (U) (Nov/Dec 2007)
26. Describe the authentication dialogue used by Kerberos for obtaining services from another realm.
(U) (May/June 2008)
27. Explain with the help of an example how a user’s certificate is obtained from another certification
authority in x509 scheme. (E) (May/June 2008)
28.(i) What is Kerberos? Explain how it provides authenticated service. ( 7) (U)
(ii) Explain the format of the X.509 certificate. (6) (U) (April/May 2019)
29. Explain Kerberos Authentication mechanism with suitable diagrams.(16) (U) (June – 2014)
30.(i) What is Kerberos? Explain how it provides authenticated service. (8) (U) (April/May 2018)
(ii) Explain the format of the X.509 certificate. (8) (R) (April/May 2018)
UNIT V SECURITY PRACTICE AND SYSTEM SECURITY

Electronic Mail security – PGP, S/MIME – IP security – Web Security – SYSTEM
SECURITY: Intruders – Malicious software – viruses – Firewalls.
PART A
1. What do you mean by PGP? (Npv/DEC 2011)

Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and
authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-
mails, files, directories, and whole disk partitions and to increase the security of e-mail communications
2. What are the services provided by PGP? (R) (April/May 2018, Nov/Dec 2018)
• Digital signature
• Message encryption

• Compression
• E-mail compatibility
• Segmentation
3. Explain the reasons for using PGP. (U)

a) It is available free worldwide in versions that run on a variety of platforms, including
DOS/windows, UNIX, Macintosh and many more.
b) It is based on algorithms that have survived extensive public review and are considered
extremely secure.
E.g.) RSA, DSS and Diffie-Hellman for public key encryption, CAST-128, IDEA, 3DES for
conventional encryption, SHA-1for hash coding.
c) It has a wide range of applicability from corporations that wish to select and enforce a
standardized scheme for encrypting files and communication.
d) It was not developed by nor is it controlled by any governmental or standards organization.
4. Why E-mail compatibility function in PGP needed? (U)

Electronic mail systems only permit the use of blocks consisting of ASCII text. To
accommodate this restriction PGP provides the service converting the row 8- bit binary stream to a
stream of printable ASCII characters. The scheme used for this purpose is Radix-64 conversion.
5. Name any cryptographic keys used in PGP. (R)

a) One-time session conventional keys.
b) Public keys.
c) Private keys.
d) Pass phrase based conventional keys.
6. Define key Identifier. (R)

PGP assigns a key ID to each public key that is very high probability unique with a user ID. It
is also required for the PGP digital signature. The key ID associated with each public key consists of
its least significant 64bits.
7. List the limitations of SMTP/RFC 822. (U) (Nov/Dec 2016)

a) SMTP cannot transmit executable files or binary objects.
b) It cannot transmit text data containing national language characters.
c) SMTP servers may reject mail message over certain size.
d) SMTP gateways cause problems while transmitting ASCII and EBCDIC.
e) SMTP gateways to X.400 E-mail network cannot handle non textual data included in X.400
messages.
8. Define S/MIME. (R)

Secure/Multipurpose Internet Mail Extension(S/MIME) is a security enhancement to the MIME
Internet E-mail format standard, based on technology from RSA Data Security.

9. What are the elements of MIME? (R)
• Five new message header fields are defined which may be included in an RFC 822 header.
• A number of content formats are defined.
• Transfer encodings are defined that enable the conversion of any content format into a form that
is protected from alteration by the mail system.
10. Mention the five headers fields defined in MME? (R) (April/May 2019)
➢ MIME version.
➢ Content type.
➢ Content transfer encoding.
➢ Content id.
➢ Content description.
11. What is MIME content type? Explain. (U)

It is used to declare general type of data. Subtype define particular format for that type of the
data. It has 7 content type & 15 subtypes. They are,
1. Text type
Plain text.
Enriched.
2. Multipart type
Multipart/mixed.
Multipart/parallel.
Multipart/alternative.
Multipart/digest.
3. Message type
Message/RFC822.
Message/partial.
Message/external.
4. Image type
JPEG.
CIF.
5. Video type.
6. Audio type.
7. Application type
Post script.
Octet stream.
12. What are the key algorithms used in S/MIME? (R)

➢ Digital Signature Standards.
➢ Diffi-Hellman.
➢ RSA Algorithm.

13. Give the steps for preparing envelope data MIME. (U)
1. Generate Ks.
2. Encrypt Ks using recipient’s public key.
3. RSA algorithm used for encryption.
4. Prepare the ‘recipient info block’.
5. Encrypt the message using Ks.
14. What are the function areas of IP security? (R)

• Authentication
• Confidentiality
• Key management.
15. Give the application of IP security. (U)

• Provide secure communication across private & public LAN.
• Secure remote access over the Internet.
• Secure communication to other organization.
16. What are the benefits of IP Security? (U) (April/May 2017, April/May 2019)
• Provide security when IP security implement in router or firewall.
• IP security is below the transport layer is transparent to the application.
• IP security transparent to end-user.
• IP security can provide security for individual user.
17. What are the protocols used to provide IP security? (R)

• Authentication header (AH) protocol.
• Encapsulating Security Payload (ESP).
18. Specify the IP security services. (R)
• Access control.
• Connectionless integrity.
• Data origin authentication
• Rejection of replayed packet.
• Confidentiality.
• Limited traffic for Confidentiality.
19. List out the steps involved in SSL record protocol. (U)
1. SSL record protocol takes application data as input and fragments it.
2. Apply lossless Compression algorithm.
3. Compute MAC for compressed data.
4. MAC and compression message is encrypted using conventional algorithm.
20. Write short notes on Transport Layer Security (TLS). (U)

Transport Layer Security is defined as a Proposed Internet Standard in RFC 2246. RFC 2246 is

very similar to SSLv3. The TLS Record Format is the same as that of the SSL Record Format, and the
fields in the header have the same meanings. The one difference is in version number
.
21. Differentiate Transport and Tunnel mode in IPsec. (AN) (Nov/Dec 2018)
S.No. Transport mode Tunnel Mode

Provide the protection for upper layer protocol Provide the protection for entire IP Packet.
1
between two hosts.
ESP in this mode encrypts and optionally ESP in this mode encrypt authenticate the
2
authenticates IP Payload but not IP Header. entire IP packet.
AH in this mode authenticate the entire IP
AH in this mode authenticate the IP Payload
3 Packet plus selected portion of outer IP
and selected portion of IP Header.
Header.
22. Define Intruder. (R) ) (April /May 2011) (Nov/Dec 2016) (April/May 2019)
An individual who gains, or attempts to gain, unauthorized access to a computer system or to

gain unauthorized privileges on that system.
23. List the three classes of Intruders.(R) (April /May 2011) (Nov/Dec 2016) (April/May 2019)
1. Masquerader
2. Misfeasor
3. Clandestine user
24. Write short notes on Intrusion detection system. (U)

A set of automated tools designed to detect unauthorized access to a host system.
25. Discriminate statistical anomaly detection and rule based detection. (AN) (Nov/ Dec 2018)
Statistical Anomaly Detection Rule Based Detection
Involves the collection of data relating to the Involves an attempt to define a set of rules that
behavior of legitimate users over a period of can be used
time. Then statistical tests are applied to decide that a given behavior is that of an
to observed behavior to determine with a high intruder.
level of confidence whether that
behavior is not legitimate user behavior
a. Threshold detection a. Anomaly detection
b. Profile based b. Penetration identification
26. Write short notes on malicious software. (U)

Malicious software is software that is intentionally included or inserted in a system for a harmful
purpose.
27. What are the effects of malicious software? (Nov/Dec 2011)

• Disrupts operations.

• Steals sensitive information.
• Allows unauthorized access to system resources.
• Slows computer or web browser speeds.
• Creates problems connecting to networks.
• Results in frequent freezing or crashing.
28. What do you mean by Trojan Horses? (April/May 2011)

A Trojan horse, or Trojan, is a type of malicious code or software that looks legitimate but can
take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general inflict some
other harmful action on your data or network.
29. Write short notes on Virus. (U)

A virus is a piece of software that can "infect" other programs by modifying them; the
modification includes a copy of the virus program, which can then go on to infect other programs.
30. Write short notes on Worm. (U) (Nov/Dec 2011)

A worm is a program that can replicate itself and send copies from computer to computer across
network connections.
6. Difference spyware and virus.(May/June 2014)

Spyware is a specific type of unwanted software that covertly collects your information. A virus is a
specific way software can be covertly distributed, often by e-mail. Both spyware and viruses can cause
damage to your computer or cause you to lose important data.
32. Define Botnets. (R) (Nov/Dec 2016)
A botnet (also known as a zombie army) is a number of Internet computers that, although their
owners are unaware of it, have been set up to forward transmissions (including spam or viruses) to
other computers on the Internet.
33. Define Zombie. (R) (Nov/Dec 2016)

A Zombie is a program that secretly takes over another Internet-attached computer and then
uses that computer to launch attacks that are difficult to trace to the zombie’s creator. Zombies are used
in denial-of-service attacks, typically against targeted web sites.
13. Define Statistical anomaly detection. (R)

Involves the collection of data relating to the behavior of legitimate users over a period of time.
Then statistical tests are applied to observed behavior to determine with a high level of confidence
whether that behavior is not legitimate user behavior.
34. What is mean by SET? What are the features of SET? (U)
Secure Electronic Transaction (SET) is an open encryption and security specification designed
to protect credit card transaction on the internet.
Features are:

1. Confidentiality of information
2. Integrity of data
3. Cardholder account authentication
4. Merchant authentication
35. What is application level gateway? (U)

An application level gateway also called a proxy server; act as a relay of application-level
traffic. The user contacts the gateway using a TCP\IP application, such as Telnet or FTP, and the
gateway asks the user for the name of the remote host to be accessed.
36. List the design goals of firewalls. (U) (April/May 2019)

1. All traffic from inside to outside, and vice versa, must pass through the firewall.
2. Only authorized traffic, as defined by the local security policy, will be allowed to pass.
3. The firewall itself is immune to penetration.
37. Define the roles of firewall. (R) (April/May 2017) (April/May 2018)
A firewall is responsible for bringing in only safe and relevant traffic to your private network
or computer system. It keeps a check on any unauthorized access to your computer and automatically
refuses and decrypt’s unwanted information through the network.
38. List various types of firewall. (R) (Nov/Dec 2018)

There are 3 common types of firewalls.
✓ Packet filters
✓ Application-level gateways
✓ Circuit-level gateways
39. Distinguish between Attack and Threat. (AN) (Apr/May 2017, Nov/Dec 2018)
Parameter Attack Threat
An attack is a deliberate act that exploits Threat is anything potential that cause
Meaning
vulnerability harm to the system
• Virus – Piece of software to steal • Security threat – Data stealing,
and damage computer exploitation of data, virus attack
• Spyware – Collects information etc.
against user’s own will • Physical threat – Loss or physical
Categories • Phishing – Mostly done through damage to the system
email like fraudulent system • Internal – power supply, hardware
• Worms – Self-replicating from one fault etc.
system to another • External – lighting, natural disaster
• Spam – Spam emails are computer such as flood, earthquake

security threat • Human – theft, vandalism etc.
• Botnets – Bots used to target and • Non-physical threat – Loss of
attack systems information, data corruption, cyber
• DOS attacks – Bombarding server security breaches etc.
with traffic to overwhelm the
system
40. What are the steps involved in SET Transaction? (R)

1. The customer opens an account
2. The customer receives a certificate
3. Merchants have their own certificate
4. The customer places an order.
5. The merchant is verified.
6. The order and payment are sent.
7. The merchant requests payment authorization.
8. The merchant confirm the order.
9. The merchant provides the goods or services.
10. The merchant requests payment.
41. Draw the ESP packet format. (R) (April/May 2017)
41. Specify the purpose of ID payload in phase I and Phase II inherent in ISAKMP/IKE
Encoding. (U) (April/May 2017)

ISAKMP defines payloads for exchanging key generation and authentication data. These
formats provide a consistent framework for transferring key and authentication data which is
independent of the key generation technique, encryption algorithm and authentication mechanism.
42. Justify the following statement: (U) (Nov/Dec 2017)
“With a Network Address Translation(NAT) box, the computers on your internal network do not
need global IPV4 addresses in order to connect to the Internet .”
A NAT box located where the LAN meets the Internet makes all necessary IP address
translations. Hence, addresses allocated are locally unique but not globally unique.
43. What is the difference between TLS and SSL Security? (AN) (April/May 2018)
S.NO Concepts TLS SSL
It is little slower due to the It is faster than TLS as
1. Which is faster? two-step communication authentications are not
process i.e. handshaking and carried out intensively.
actual data transfer.
Which is complex to
It is complex as it requires It is simpler than the TLS
2. manage on the server
certificate validations and as it lacks few features that
side?
good authentications. are present in the TLS.
PART -B
1. Illustrate the confidentiality service provided by PGP. (U) (May/June 2007)

2. Summarize the S/MIME in detail. (U) (May/June 2007) (June 2013) (Nov/Dec 2018)
3. What services are provided by IP sec? (R) (May/June 2007) (June 2012)
4. What are the key features of SET? Explain. (U) (Nov/Dec 2007)
5. What protocols comprise SSL? Explain any two of them. (U) (Nov/Dec 2007)
6. Explain the operational description of PGP.(16) (U) (Nov/Dec 2016)
7. Explain PGP cryptographic functions in detail with suitable block diagrams. (U)
(April/May 2019)
8. How does PGP provide confidentiality and authentication service for e-mail and file storage
applications? Draw the block diagram and explain its components. (U) (May/June 2009)
9. Evaluate the performance of PGP. Compare it with S/MIME. (AN) (Nov/Dec 2018)
10. Bring out the importance of security associations in IP. (AN) (May/June 2009)
11. Describe the SSL Specific protocol – Handshake action in detail. (U)
(May/June 2009) (Dec /2013)(April / May 2016)
12. What are the functions included in MIME in order to enhance security? How are they done?
(E) (May/June 2008)
13. Explain the services of PGP. (U) (Nov/Dec 2009) (Dec - 2012) (May 2011)
14. Discuss briefly about PGP used for Email security. (U) (May/June 2010) (June –
2014)(April/May 2018)
15. Discuss briefly about X.509 authentication service. (U) (May/June 2010) (June 2013)

16. Describe about SET. (U) (Dec - 2012) (June 2012) (Nov/Dec 2017)
17. Discuss the working of SET with neat diagram. (16) (U) (Nov/Dec 2016)
18. Differentiate SSL & SET. (8) (AN) (May - 2011)
19. Explain about the overview of IP Security documents. (8)(U) (May 2011)
20. Explain the architecture of IP security in detail with a neat block diagram. (U)
(April/May 2017, April/May 2019)
21. Discuss authentication header and ESP in detail with their packet format . (U) (April/May 2017)
22. Discuss the different methods involved in authentication of the source.(8) (U) (Nov/Dec 2017)
23. Write about how the integrity of message is endured without source authentication.(8) (U)
(Nov/Dec 2017)
24. Describe in detail about SSL/TLS. (U) (Nov/Dec 2018)
25. Write the steps involved in the simplified form of the SSL/TLS protocol. (8) (U) (Nov/Dec 2017)
26. Write the methodology involved computing the keys in SSL/TLS protocol. (8) (U)
(Nov/Dec 2017)
27. Write short notes on the following: (U) (April/May 2018)
a) Public Key Infrastructure (8)
b) Secure Electronic Transaction. (8)
28.Explain the technical details of firewall and describe any three types of firewall with neat
diagram. (16) (U) (Nov/Dec 2016)
28. Explain the characteristics and types of firewalls. (16) (U) (April / May 2016,April/May 2019)
29. Discuss how firewalls help in the establishing a security framework for an organization. (U)
(Nov/Dec 2017)
30. Define intrusion detection and the different types of detection mechanisms, in detail. (16) (U)
(April / May 2017)
31. Illustrate the working principle of SET. Relate SET for E-Commerce applications.
(U) (Nov/Dec 2018)
32. (i)Explain any two approaches for intrusion detection. (8) (U)
(ii)Identify a few malicious programs that need a host program for their existence. (8) (E)
33. (i) Explain firewalls and how they prevent intrusions. (8) (U)
(ii) List and Brief, the different generation of antivirus software (8) (U)
34. Explain the types of Host based intrusion detection. List any two IDS software available. (R)
35. What are the positive and negative effects of firewall? (8) (AN)
36. Describe the familiar types of firewall configurations.(16) (U)
37. Write brief notes on the following: (U) (April /May 2016)
(i) Classification of viruses. (8)
(ii) Worm Counter Measures. (8)
38. Discuss the different types of virus in detail. Suggest scenarios for deploying these types in network
scenario. (U) (April / May 2017)
39. Analyze various types of virus and its counter measures. (AN) (Nov/Dec 2018)


CS8792 CNS QBank PIT

Uploaded by

Copyright:

Available Formats

CS8792 CNS QBank PIT

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CS8792 CNS QBank PIT

Uploaded by

Copyright:

Available Formats

CS8792 CRYPTOGRAPHY AND NETWORK SECURITY LTPC

UNIT II SYMMETRIC KEY CRYPTOGRAPHY

UNIT III PUBLIC KEY CRYPTOGRAPHY

UNIT IV MESSAGE AUTHENTICATION AND INTEGRITY

UNIT V SECURITY PRACTICE AND SYSTEM SECURITY

Downloaded from: annauniversityedu.blogspot.com

➢ Understand the fundamentals of networks security, security architecture, threats and

1. C K Shyamala, N Harini and Dr. T R Padmanabhan: Cryptography and Network

2. BehrouzA.Foruzan, Cryptography and Network Security, Tata McGraw Hill 2007.

Downloaded from: annauniversityedu.blogspot.com

1. What is Cryptography in network security? (R)

2.How is cryptography done?

3. What is Plain text? (U)

4. What is Cipher Text? (U)

5. What is Cryptology? (R)

6. Define Cryptanalysis. (R)

What are the two main types of cryptography?

7. What is Key? (U)

Downloaded from: annauniversityedu.blogspot.com

8. What are the aspects of security?

9.What is the need for security?

10. Why OSI Security architecture?

11. Define Security attack, Security mechanism and Security services.

12. What is Symmetric Cryptography? (U)

13. What is Asymmetric Cryptography? (U)

14. What is Passive attack? (U)

Downloaded from: annauniversityedu.blogspot.com

17. Distinguish Threat and Attack (Nov/Dec 2018)

18. Specify four categories of security threats

19.List the different Types of Ciphers. (R)

Downloaded from: annauniversityedu.blogspot.com

20. Define integrity and nonrepudiation. (R)

21. Define confidentiality and authentication. (R)

22. Define security mechanism. (U)

23. Specify the four categories of security threads. (R)

24. Differentiate symmetric and asymmetric encryption. (AN)

Downloaded from: annauniversityedu.blogspot.com

29. Define steganography. (R)

30. Why network need security? (U)

Downloaded from: annauniversityedu.blogspot.com

32. Specify the components of encryption algorithm. (R) (April/May 2019)

33. Define product cipher. (R)

17 (R) 14 (O) 2 (C) 10 (K) -> Plain Text

Cipher Text: SCVC

36. Define Monoalphabetic substitution cipher?

37. What are the rules of PlayFair cipher?

Downloaded from: annauniversityedu.blogspot.com

39. Differentiate Classic Cryptography and Modern Cryptography.

Classic Cryptography Modern Cryptography.

40. What is Perfect Security in modern cryptography?

41. Why information theory in Cryptography?

42. What is product Cryptosystem?

43. List the types of cryptanalysis attack

Downloaded from: annauniversityedu.blogspot.com

Downloaded from: annauniversityedu.blogspot.com

UNIT II SYMMETRIC KEY CRYPTOGRAPHY

1.Why do we use modular arithmetic so often in cryptography?(Nov/Dec 2013)

2.Define Euclids Algorithm.

GCD(a,b) = GCD(b, a mod b)